General
  Target:  02092399.exe
  Size:    739KB
  Sample:  230606-nm1vnadd42
  MD5:     06175aac59bea0835a3e7ae09f14487f
  SHA1:    1faf1010c7555edda759bd414d17764f2263bd3c
  SHA256:  104d35b73948ce44867e406b874f6dba72c7d01a5bf0f296f470f8d076247bf8
  SHA512:  e44fba882fcab750235b1ce0a4beeb4862239be1ca3241b6cc4499d75c7e64997b8120e975a8fad7e52f77ed7557ee2eaf712ac19b7a4f845f8d792b8c7ddaf1
  SSDEEP:  12288:HMrDy90ptej0fd+/KpjQzqYcTL447fgdNRZ6APGyS+3BMkL1V8R2piNqm:My2s0fo/Kpj3TL4GfKRZ6tzkL12RqiNp
Static task
  static1
Behavioral tasks
  behavioral1: 02092399.exe, resource win7-20230220-en
  behavioral2: 02092399.exe, resource win10v2004-20230221-en
Malware Config
  Extracted
    Family:     redline
    Botnet:     maxi
    C2:         83.97.73.126:19048
    auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
  Target: 02092399.exe
  Size:   739KB
  Signatures
    RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    Executes dropped EXE
      An executable written to disk during the run was subsequently started.
    Loads dropped DLL
      A DLL written to disk during the run was subsequently loaded.
    Adds Run key to start application
      Writes an autostart entry under a ...\CurrentVersion\Run registry key so the payload is launched at logon; the report does not record the value name or the path it points to.
    Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    Suspicious use of SetThreadContext
      SetThreadContext is commonly used by process-injection and process-hollowing techniques; the report records the call but not the target process.
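As an added example (not part of the sandbox report and not the sample's code), the following Python turns the report's extracted configuration and two of its behavioral signatures into detection checks run over endpoint and network telemetry. The hashes, C2 address and auth_value are copied verbatim from the report; everything else is constructed for the demonstration: the event schema, the process id, the dropped-file path and the Run value name `updater` are assumptions and say nothing about what this sample actually wrote. The network check distinguishes an exact ip:port hit from an IP-only hit, since C2 ports change more often than hosts; the auth_value check assumes the string is visible in strings extracted from an unpacked sample or a memory dump, which is where the sandbox recovered it from.

```python
"""Match indicators from a RedLine sandbox report against telemetry events.

Added example. Indicators are copied from the report above; the telemetry
events at the bottom are constructed so the script runs offline.
"""
import re
from dataclasses import dataclass

# Indicators copied verbatim from the report.
HASHES = {
    "md5": "06175aac59bea0835a3e7ae09f14487f",
    "sha1": "1faf1010c7555edda759bd414d17764f2263bd3c",
    "sha256": "104d35b73948ce44867e406b874f6dba72c7d01a5bf0f296f470f8d076247bf8",
}
C2_IP, C2_PORT = "83.97.73.126", 19048
AUTH_VALUE = "6a3f22e5f4209b056a3fd330dc71956a"

# Autostart keys behind the "Adds Run key" signature. Matches HKCU/HKU and HKLM
# (including the Wow6432Node view); the trailing backslash requires a value name.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)


@dataclass
class Alert:
    rule: str
    event_id: int
    detail: str


def check_file(ev):
    """File event carrying one or more hashes: flag a known sample hash."""
    for algo, known in HASHES.items():
        if ev.get(algo, "").lower() == known:
            return Alert("known_sample_hash", ev["id"], f"{algo}={known} path={ev.get('path')}")
    return None


def check_network(ev):
    """Outbound connection: exact ip:port is high confidence, IP alone lower."""
    if ev.get("dst_ip") != C2_IP:
        return None
    rule = "redline_c2" if ev.get("dst_port") == C2_PORT else "redline_c2_ip_only"
    return Alert(rule, ev["id"], f"{ev['dst_ip']}:{ev.get('dst_port')} pid={ev.get('pid')}")


def check_registry(ev):
    """Registry value write: flag autostart entries under ...\\CurrentVersion\\Run."""
    if ev.get("op") == "SetValue" and RUN_KEY_RE.search(ev.get("key", "")):
        return Alert("run_key_persistence", ev["id"], f"{ev['key']} -> {ev.get('data')}")
    return None


def check_memory(ev):
    """Strings extracted from a process dump or unpacked sample."""
    if AUTH_VALUE in ev.get("strings", []):
        return Alert("redline_auth_value", ev["id"], f"auth_value present in pid={ev.get('pid')}")
    return None


CHECKS = {"file": check_file, "network": check_network,
          "registry": check_registry, "memory": check_memory}


def triage(events):
    """Run the check matching each event's type; return the alerts in event order."""
    alerts = []
    for ev in events:
        check = CHECKS.get(ev.get("type"))
        alert = check(ev) if check else None
        if alert:
            alerts.append(alert)
    return alerts


# Constructed telemetry (not from the report). Event 3 reuses the C2 host on a
# different port and event 5 is a benign registry write, to show non-matches.
EVENTS = [
    {"id": 1, "type": "file", "path": r"C:\Users\victim\Downloads\02092399.exe",
     "sha256": "104d35b73948ce44867e406b874f6dba72c7d01a5bf0f296f470f8d076247bf8"},
    {"id": 2, "type": "network", "pid": 4012, "dst_ip": "83.97.73.126", "dst_port": 19048},
    {"id": 3, "type": "network", "pid": 4012, "dst_ip": "83.97.73.126", "dst_port": 443},
    {"id": 4, "type": "registry", "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "data": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"id": 5, "type": "registry", "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "data": "1"},
    {"id": 6, "type": "memory", "pid": 4012,
     "strings": ["maxi", "6a3f22e5f4209b056a3fd330dc71956a"]},
]

if __name__ == "__main__":
    for a in triage(EVENTS):
        print(f"[{a.rule}] event {a.event_id}: {a.detail}")
```

Running the script yields five alerts for events 1, 2, 3, 4 and 6; event 5 is ignored because the key is not an autostart location, and event 3 is reported as an IP-only hit rather than a confirmed C2 connection.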